Value for hidden form field to stop spam

Hi all
I am new to the forum (and a very basic self taught website designer) and have a simple php problem. I have created a form with a hidden field to stop spam, but have struggled to find the correct php code for the ‘if then else’ to reject the form when a spammer fills it in. can you help.

At the top of the page I have this

 $to = " , *****@*****.com" ;
 $from = $_REQUEST['Email'] ; 
 $name = $_REQUEST['name'] ; 
 $headers = "From: $from"; 
 $subject = "Registration Details";
 $spam = "username: $username";

//username is the hidden field to trap spam

 if($from == '') {print "You have not entered an email, please go back and try again";} 
 else { 
 if($name == '') {print "You have not entered a name, please go back and try again";} 
 else { 
 $send = mail($to, $subject, $body, $headers); 
 $send2 = mail($from, $subject2, $autoreply, $headers2); 
{print "Thank you for submitting your details. We all look forward to meeting you and your pet";}
 {print "We encountered an error sending your mail, please notify *****@*****.com"; } 
<p><span class="style4"><a href="index.html" class="style4">Click to return to website</a></span></p>
<p class="style1"><span class="style2">If you have more than one pet please submit another form with their details,<br />
 and include your name and email again.</span> <a href="Moloney-Vets-Registration-Form.html" class="style4">Click to return to form</a></p>

I need an if then else formula for =‘any’


I had some time so, you can check this script



// Define your fields.
// You should create them from PHP so you have better control BUT
// you can also have static fields and have this array only for checks
// (so, a static form and only fields names are generated)
$goodFields = array(
    'name' => array('type' => 'text', 'label' => 'Your name' ),
    'email' => array('type' => 'text', 'label' => 'Email' ),
    'subject' => array('type' => 'text', 'label' => 'The subject' ),
    'message' => array('type' => 'textarea', 'label' => 'Message' ),

// some fields, that we don't want to be filled
$dummyFields = array( 'test1', 'test2', 'test3' );

// some key that is regenerated each session
$key = md5(session_id() . 'SOME_SYSTEM_SALT');

// generate fields for the front-end part
$formFields = array();
// good fields
foreach( $goodFields as $_g_f => $fieldDetails ) {
    $formFields['f'.md5($_g_f . $key)] = $_g_f;
// also, generate dummy fields
foreach( $dummyFields as $_d_f ) {
    $formFields['f'.md5($_d_f . $key)] = $_d_f;
    // assoc the 
    $dummyFields['f'.md5($_d_f . $key)] = $_d_f;

// if the POST was set, we'll have the last field submited
if( isset($_POST[end(array_keys($formFields))]) ) {
    // now, we have good fields and bad fields
    $_form_goodFields = array();
    $_form_badFields = array();
    // for each POST field, make a check
    foreach( $_POST as $_p_field => $_p_value ) {
        // if it's a good field, it will have the key into our $goodFields array
        // that was kept into $formFields
        if( isset($goodFields[$formFields[$_p_field]]) ) {
            $_form_goodFields[$formFields[$_p_field]] = $_p_value;
        // if it's a bad field, it is:
        } else if(
            // not submit
            $_p_field != 'submitButton' &&
            // is a key of the $dummyFields
            isset($_form_badFields[$dummyFields[$_p_field]]) &&
            // and is not empty (by default, the field is empty)
        ) {
            $_form_badFields[$dummyFields[$_p_field]] = $_p_value;
    // if we have some field completed, it'a a spammer
    if( !empty($_form_badFields) ) {
    // else, use $_form_goodFields as it is your POST request


.almostNiceField { display:none }

<form action="" method="post">
    // generate your fields but you can also have a static form
    foreach( $formFields as $encodedName => $fieldName ) {
        if( isset($goodFields[$fieldName]) ) {
        <p><label><?php echo $goodFields[$fieldName]['label'] ?></label><br />
        switch($goodFields[$fieldName]['type']) {
            case 'text':
                echo '<input type="text" name="'.$encodedName.'" value="'.htmlspecialchars( isset($_POST[$encodedName]) ? $_POST[$encodedName] : '', ENT_QUOTES ).'" />';
            case 'textarea':
                echo '<textarea name="'.$encodedName.'" cols="10" rows="10">'.htmlspecialchars( isset($_POST[$encodedName]) ? $_POST[$encodedName] : '', ENT_QUOTES ).'</textarea>';
        } else {
            // some spammers will know to avoid hidden fields so, it's better to have a text that is hidden
            // and also, you should have a class so it will not be visible that the field is hidden
            echo "\
".'<input type="text" name="'.$encodedName.'" class="almostNiceField" />';
<p><input type="submit" name="submitButton" /></p>


I don’t have a blog anymore but, if someone wants, it may be useful to share this code :slight_smile:

Thanks vectorial. but this seems a rather complex addition, and I don’t have a problem with empty fields, I want to reject one that should be empty.

That’s what I did… added some empty fields and, in case one of them does not remain empty, it is a spammer.
Also, fields are renamed each session so, a robot will not be able index your form (send requests at any time).

You may try it - it’s a copy-paste functional script.
You just need to put your action code (email sending or whatever you need)